Create sections for Verification Methods and Signature Suites

[rhiaro]

Re: https://github.com/w3c-ccg/community/issues/56

I don't fully understand this stuff but I've done the best with the information I have. The two sections are Verification Methods (containing key formats) and Signatures Suites (containing signature suites).

Todo/help wanted:

• I haven't added any editorial blurb because I don't know what it should say.
• Ed25519VerificationKey2018 links to the key formats section of the Ed25519 Signatures spec, is that okay?
• RsaVerificationKey2018 and EcdsaSecp256k1VerificationKey2019 link to the equivalent SignatureSuite specs because that's what was there before, but neither of which mention anything about key formats. Do they need to link to somewhere else? Do those specs just need updating?

I think then the next thing that needs doing is adding all the other keys listed in https://w3c-ccg.github.io/did-spec/#public-keys to the Verification Methods section? (As a separate PR)

[dmitrizagidulin]

@rhiaro Thanks!

(Looping in @dlongley to double check)

[peacekeeper]

This looks good to me, yes we should have separated those two things long ago. My answers to your comments would be:

I haven't added any editorial blurb because I don't know what it should say.

I think it's fine the way it is, perhaps in the Abstract change "Linked Data Key descriptions" to "Linked Data Cryptographic Suites".

Ed25519VerificationKey2018 links to the key formats section of the Ed25519 Signatures spec, is that okay?

I'd say yes it's okay; even though with your PR we list Verification Methods and Signature Suites separately, a single combined specification could define both.

RsaVerificationKey2018 and EcdsaSecp256k1VerificationKey2019 link to the equivalent SignatureSuite specs because that's what was there before, but neither of which mention anything about key formats. Do they need to link to somewhere else? Do those specs just need updating?

Yes I think the specs just need updating. @OR13 has a PR to edit the secp256k1 one and define EcdsaSecp256k1VerificationKey2019: https://github.com/w3c-dvcg/lds-ecdsa-secp256k1-2019/pull/2.

[dlongley]

One thing we need to be careful about in how we present/list this stuff is in accidentally suggesting that the verification methods are decoupled from the signature suites; they aren't. There is a 1:1 binding between verification method and signature suite. It's fine to do whatever we need for presentation purposes, but we intentionally baked in this binding to prevent people from mixing and matching as it's a security threat.

[dmitrizagidulin]

@dlongley What's the status of this PR? Can it be merged?

[dlongley]

@dmitrizagidulin, I think this is ok because it's a net improvement over what we have. To keep track of my above concern, I'll convert it into an issue.